RE: [External] : Re: [PATCH] net/tap: Modified TAP BPF program as per the new Kernel-version upgrade requirements.

Fri, 05 Jan 2024 06:44:55 -0800 

Hi Stephen,

The BPF helper man pages implies in that way and the SKB data pointer access 
was working till 5.4 kernel also, however from Kernel-5.15 version, we do see 
eBPF verifier throws error when we use SKB data pointer access.
So, I had used this helper functions and able to resolve the errors. This is 
helper functions are safe to use and also protects from any non-linear skb data 
buffer access also.

So, I think using helper functions is better and safe way to access the SKB 
data, instead of pointer access.

Thanks,
Madhuker.

-----Original Message-----
From: Stephen Hemminger <step...@networkplumber.org> 
Sent: 05 January 2024 02:27
To: Madhuker Mythri <madhuker.myt...@oracle.com>
Cc: ferruh.yi...@amd.com; dev@dpdk.org
Subject: [External] : Re: [PATCH] net/tap: Modified TAP BPF program as per the 
new Kernel-version upgrade requirements.

On Thu,  4 Jan 2024 22:57:56 +0530
madhuker.myt...@oracle.com wrote:

> ------------------------
> 
> RCA:  These errors started coming after from the Kernel-5.15 version, in 
> which lots of new BPF verification restrictions were added for safe execution 
> of byte-code on to the Kernel, due to which existing BPF program verification 
> does not pass.
> Here are the major BPF verifier restrictions observed:
> 1) Need to use new BPF maps structure.
> 2) Kernel SKB data pointer access not allowed.

I noticed you are now using bpf_skb_load_bytes(), but the bpf helper man page 
implies it is not needed.

     long bpf_skb_load_bytes(const void *skb, u32 offset, void *to,
       u32 len)

              Description
                     This helper was provided as an easy way to load
                     data from a packet. It can be used to load len
                     bytes from offset from the packet associated to
                     skb, into the buffer pointed by to.

                     Since Linux 4.7, usage of this helper has mostly
                     been replaced by "direct packet access", enabling
                     packet data to be manipulated with skb->data and
                     skb->data_end pointing respectively to the first
                     byte of packet data and to the byte after the last
                     byte of packet data. However, it remains useful if
                     one wishes to read large quantities of data at once
                     from a packet into the eBPF stack.

              Return 0 on success, or a negative error in case of

Reply via email to